ZoneAlarm Pro FREE for one day
Check Point Software Technologies Ltd, the company behind the ZoneAlarm security solutions, is likely to offer its ZoneAlarm Pro security package for free with a one-year subscription. This offer is available for only 24 hours, beginning 6 AM PDT on November 18, 2008.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Rootkits: They’re sneaky, but are they a major threat?
November 16, 2008 by Shanmuga
Filed under Recommended Reads
"Frank Boldewin had seen a lot of malicious software in his time, but never anything like Rustock.C. Used to infect Windows PCs and turn them into unwitting spam servers, Rustock.C is a rootkit that installs itself on the Windows operating system and then uses a variety of sophisticated techniques that make it nearly impossible to detect or even analyze.
Microsoft’s Stance on Piracy Affects Us All
November 16, 2008 by Shanmuga
Filed under Recommended Reads
"As it stands today, Microsoft’s policy allows pirated copies to receive patches automatically through AutoUpdate, yet forbids them from downloading them directly from Microsoft’s Web site. Despite some tweaks to its policy, however, the company continues to make it difficult for users of pirated versions of its operating system to patch reliably.
OSX.Lamzev.A - An OS X malware
November 16, 2008 by Shanmuga
Filed under Trojan Horse
A new Trojan for OS X has been discovered. When the Trojan is executed, it creates the following file:
/Applications/ezmal
Firefox 3.0.4 fixes several security issues
November 13, 2008 by Shanmuga
Filed under Browser Security, Vulnerabilities
Mozilla today released Firefox 3.0.4, which addresses several security issues along with other bug fixes and enhancements.
The update fixes the following critical issues:
Microsoft explains seven-year-old patch delay
November 13, 2008 by Shanmuga
Filed under Vulnerabilities
"Microsoft Corp. late yesterday explained why it had been unable to patch a seven-year-old bug until recently, saying that it was only in the last year that it figured out how to fix the flaw without breaking most network-based applications.
Spam Drops After Internet Providers Disconnect a California Hosting Firm
"The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.
VirusTrigger Analysis and Removal
November 13, 2008 by Shanmuga
Filed under Featured, Rogue Security Software, spyware removal
VirusTrigger is a new entrant to the ever-growing family of rogue security software products. A clone of the rogue Antivirus Lab, both the software and its website are very professionally designed and use a variety of aggressive scare messages about non-existent malware infections.
Definition of rogue security software: Rogue security software belongs to a family of software products that present themselves as antivirus, antispyware or registry cleaners, and often use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license or subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own.
- VirusTrigger - Domain Information and Installation
- VirusTrigger - Associated Files and Folders
- VirusTrigger - Associated Registry keys and values
- VirusTrigger - Associated Domains
- VirusTrigger - Removal (How to remove VirusTrigger)
- VirusTrigger - Rogue Gallery
- VirusTrigger - Video
VirusTrigger - Domain Information and Installation
This rogue anti-spyware currently installs from multiple domains, including virtrigger.com, virus-trigger.com, systemtrigger.com, virus-triggers.com and virustrigger2009.com, all hosted on a server belonging to viruslabs2009.com at IP 74.50.110.184, which is currently not listed in any blacklists. All the VirusTrigger domains except virus-trigger.com use China- and Singapore-based privacy protection services to hide their registrants' names and country of origin. virus-trigger.com is registered to Valters Buss of Latvia through the registrar DotArai Co., Ltd.
The installation file is named vrt_setup.exe and is 1.40 MB in size. It is detected under various names by about 7 of 36 (19.44%) engines at VirusTotal. This file must be executed manually for the rogue anti-spyware to install.
Once installed, it produces a variety of scare messages that an unwary user might find very difficult to ignore.
When the user is tricked into clicking one of the confirmation buttons, the VirusTrigger rogue loads the default web browser and opens its subscription page; once a subscription is selected, the browser is redirected to the payment processor segpay.com. This rogue was observed making periodic GET requests for a file named sync.php at the following domains: virtrigger.com, virus-trigger.com, systemtrigger.com, virus-triggers.com and virustrigger2009.com, using the process VirusTriggerBin.exe.
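As an added illustration that is not part of the original write-up, the following Python snippet flags the periodic sync.php polling described above in proxy logs and reports the gaps between requests per client. The log layout and client addresses are constructed assumptions; the domain list is the one given in the text.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Domains the rogue was observed polling for sync.php (taken from the write-up).
VIRUSTRIGGER_DOMAINS = {
    "virtrigger.com", "virus-trigger.com", "systemtrigger.com",
    "virus-triggers.com", "virustrigger2009.com",
}

# Constructed sample lines in an assumed "timestamp client method url" layout;
# this is not any real proxy's log format and the addresses are made up.
SAMPLE_LOG = """\
2008-11-13T10:00:00 10.0.0.5 GET http://www.example.org/index.html
2008-11-13T10:00:01 10.0.0.7 GET http://virtrigger.com/sync.php
2008-11-13T10:05:01 10.0.0.7 GET http://systemtrigger.com/sync.php
2008-11-13T10:10:02 10.0.0.7 GET http://virus-triggers.com/sync.php
2008-11-13T10:11:00 10.0.0.5 GET http://virus-trigger.com/
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def is_sync_beacon(url):
    """True when the URL fetches sync.php from one of the rogue's domains."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return host in VIRUSTRIGGER_DOMAINS and parts.path.lower().endswith("/sync.php")

def find_beacons(log_text):
    """Map each client address to the timestamps of its matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, method, url = m.groups()
        if method == "GET" and is_sync_beacon(url):
            hits[client].append(datetime.fromisoformat(ts))
    return dict(hits)

def beacon_intervals(timestamps):
    """Seconds between successive hits; near-constant gaps point to polling."""
    ts = sorted(timestamps)
    return [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]

if __name__ == "__main__":
    for client, ts in find_beacons(SAMPLE_LOG).items():
        print(client, len(ts), "sync.php requests; intervals:", beacon_intervals(ts))
```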
VirusTrigger - Associated Files and Folders
- C:\Program Files\VirusTriggerBin\uninst.exe
- C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe
- C:\Program Files\VirusTriggerBin
- C:\Documents and Settings\Shanmuga\Start Menu\Programs\VirusTrigger 2.1\VirusTrigger 2.1.lnk
- C:\Documents and Settings\Shanmuga\Start Menu\Programs\VirusTrigger 2.1
- C:\Documents and Settings\Shanmuga\Start Menu\VirusTrigger 2.1.lnk
- C:\Documents and Settings\Shanmuga\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
- C:\WINDOWS\Prefetch\VIRUSTRIGGERBIN.EXE-0A907FE7.pf
VirusTrigger - Associated Registry keys and values
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\InprocServer32
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\InprocServer32#ThreadingModel
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\ProgID
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\Programmable
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\TypeLib
- HKCR\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\VersionIndependentProgID
- HKCR\VirusTriggerBinWarning.WarningBHO.1
- HKCR\VirusTriggerBinWarning.WarningBHO.1\CLSID
- HKCR\VirusTriggerBinWarning.WarningBHO
- HKCR\VirusTriggerBinWarning.WarningBHO\CLSID
- HKCR\VirusTriggerBinWarning.WarningBHO\CurVer
- HKCR\TypeLib\{3ED86073-2FA7-4cf4-810B-28B030671678} C:\PROGRAM FILES\VIRUSTRIGGERBIN\VIRUSTRIGGERBINWARNING.DLL
- HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
- HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
- HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0
- HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32
- HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
- HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
- HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
- HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
- HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
- HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
- HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
- HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version
- HKU\S-1-5-21-746137067-776561741-1417001333-1003\Software\VirusTriggerBin
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#DisplayName
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#UninstallString
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#DisplayIcon
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#DisplayVersion
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#NSIS:StartMenuDir
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#URLInfoAbout
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin#Publisher
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}#NoExplorer
- HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin
- HKU\S-1-5-21-746137067-776561741-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run#VirusTriggerBin [ "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe" ]
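An added example, not code from the original article: a Python check that scans a regedit-style .reg export for the BHO CLSID and the Run-key persistence entry listed above. The export text is constructed for the example and its layout is an assumption; the CLSID and binary path are the ones in the key list.

```python
import re

# Indicators from the key list above: the BHO CLSID and the Run-value binary path.
BHO_CLSID = "{096CBA44-4A4C-49F7-8903-1E75550ABCB7}"
RUN_BINARY = r"C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"

# Constructed .reg text in the layout regedit produces; not a real capture.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"VirusTriggerBin"="\"C:\\Program Files\\VirusTriggerBin\\VirusTriggerBin.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{096CBA44-4A4C-49F7-8903-1E75550ABCB7}\InprocServer32]
@="C:\\PROGRAM FILES\\VIRUSTRIGGERBIN\\VIRUSTRIGGERBINWARNING.DLL"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")           # [HKEY_...\Path] header line
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')  # "Name"=data or @=data

def parse_reg(text):
    """Yield (key, value_name, raw_data) for every value in a .reg export."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, (m.group(1) or "@"), m.group(2)

def unescape(data):
    """Undo .reg string escaping: drop outer quotes, \\\\ -> \\ and \\" -> "."""
    if data.startswith('"') and data.endswith('"'):
        data = data[1:-1]
    return data.replace('\\\\', '\\').replace('\\"', '"')

def find_virustrigger(text):
    """Return one finding string per value that matches the indicators."""
    findings = []
    for key, name, data in parse_reg(text):
        if BHO_CLSID.lower() in key.lower():
            findings.append(f"CLSID/BHO registration: {key}\\{name}")
        elif key.lower().endswith(r"\currentversion\run") and RUN_BINARY.lower() in unescape(data).lower():
            findings.append(f"Run persistence: {key}\\{name} -> {unescape(data)}")
    return findings
```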
VirusTrigger - Associated Domains
- virtrigger.com
- virus-trigger.com
- systemtrigger.com
- virus-triggers.com
- virtriggersupport.com
- virustrigger2009.com
- segpay.com
- viruslabs2009.com
VirusTrigger - Removal (How to remove VirusTrigger)
The free versions of Malwarebytes’ Anti-Malware and SuperAntiSpyware appear to remove this rogue security software quite comfortably.
- Download and install either Malwarebytes’ Anti-Malware or SuperAntiSpyware from the links above.
- Boot into Windows Safe Mode.
- Scan with your chosen software. Check all instances of the rogue antispyware and delete them.
- Turn System Restore off and on.
- If you haven’t done so yet, download and install CCleaner, then scan and clean the temporary files.
You should now be clean of this rogue.
If you still see symptoms associated with this rogue anti-spyware, please post your problem at one of the Recommended Online Forums for Malware Help.
Note: The above installation was tested on a fully patched Windows XP SP3 running updated versions of Internet Explorer 7 and Firefox 3. The content provided in this article is not warranted or guaranteed by Malware Help.Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing; it might change with time and/or under different testing conditions.
SURBL anti-spam blacklist to be a paid service
"The operator team of the SURBL anti-spam blacklist have announced a far-reaching change to the usage policy. While the use of the project’s DNS server has been free so far, the list’s operators are now demanding a usage fee from service providers that offer spam filter services for more than 1,000 mailboxes or 250,000 emails per day.
Anti-malware Testing Guidelines Published
"The Anti-Malware Testing Standards Organization has published a set of best practices and guiding principles for testing security software. Call it a much-needed first step.